Today’s SSL VPNs provide organisations with a cost-effective and reliable way of providing their remote users with access to networks, applications and files. But how secure are they, and can they really prevent data loss?
Juniper Networks’ SSL VPNs include a number of security features. These features can identify the device and network being used by the remote user, check the device for malware and grant access to applications and files based on the remote user’s privileges. What these features can’t do is actually verify the identity of the individual accessing your network.
It’s wrong to assume that passwords, even when used with an SSL VPN’s security features, can authenticate the identity of a user. Passwords can be easily snooped, phished, cracked or guessed – so is the user logging in really who they say they are?
If you can’t be certain of the identity of your remote user, you can’t be sure where your data is going, which leads to the serious issue of data loss. Once a user’s username and password have been compromised, an attacker can assume their digital identity and acquire all their privileges. As far as the SSL VPN knows, the attacker is a trusted remote user, and it grants access to everything the compromised user had access to.
If an SSL VPN can’t verify the remote user’s device or network as trusted, it will only enable limited access to applications and files. While this is a prudent security measure, it can be very inconvenient for users who need full access to their business network but, through no fault of their own, can only log in using an unknown device and network, such as a kiosk at an airport.
As SSL VPNs grant at least some access to devices deemed ‘clean’ of malware, all an unauthorised user would need to do, once they had obtained a username and password, would be to connect to the SSL VPN using a ‘clean’ laptop. Just because a device is verified as ‘trustworthy’, it doesn’t mean the user is too.
Integrating two-factor authentication with your SSL VPN solves the issue of identity in remote access. You are able to verify not only the device or network being used, but also that the remote user is who they say they are. With the user’s identity confirmed, you can be satisfied that you know where your data is going and, with Juniper’s SSL VPN security features, ensure you only share your data with a ‘clean’ device or network. Together these two complementary approaches provide comprehensive secure ‘anywhere’ access.